Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval

EDB-ID:

20143


Author:

dubhe

Type:

remote


Platform:

Linux

Date:

2000-08-02


source: https://www.securityfocus.com/bid/1550/info

ntop is a tool that shows the network usage, similar to what the popular top Unix command does. Starting ntop in web mode (with the -w parameter) starts ntop with it's own built in HTTP server, to allow remote access to the functions it provides. ntop does not properly authenticate requests and is vulnerable to a ../../ request whereby unauthorized files can be retrieved, including files which are only readable by root. 

The default directory ntop serves HTML from is /etc/ntop/html so to retrieve /etc/shadow one can request the following URL: http://URL:port/../../shadow